This document discusses technology risk management. It covers topics like IT governance, balancing investments between maintaining existing systems and innovating new capabilities, and the evolution of the CIO role. It also addresses risks related to new technologies, compliance with increasing regulations, and the importance of managing technology risks as businesses become more reliant on technology. Diagrams showcase frameworks for assessing risks and balancing IT portfolios. The document emphasizes that managing technology risks has become a business priority.
1. Galit Fein & Sigal Russin’s work/ Copyright@2015
Do not remove source or attribution from any slide, graph or portion of graph
STKI is here to serve you...
Technology Risk Management: Governance, Compliance, Security & Cyber
(Diagram: the three IT strategy areas: Engage & Innovate, Govern & Protect, Deliver & Maintain)
IT Complexity
(Diagram labels: Social, APIs, Systems of Records, Systems of Engagement, Legacy, Cost Center, eCommerce, Enterprise App Store, Enterprise Mobility; IT strategy: Engage & Innovate, Govern & Protect, Deliver & Maintain)
Govern and Protect
Increasing Pace Of Business Changes
Strategic direction may change by the time a final budget is approved.
Traditional IT Governance methods no longer work in a business world demanding speed & value.
Bi-modal IT
Two modes of IT, each with different people, sets of skills, processes and tools supporting it:
Systems of Records side (evolving to Transactions): reduce operating expenses; long development and deployment cycles; doing IT right, efficiently and safely.
Systems of Engagement side (evolving to Immersion): invest in new systems; touch people; in-moment decisions; personalized & in-context; social and analytics driven; short & rapid releases; doing IT fast (IT doesn't have to be perfect, just quick).
Balance and re-balance IT asset allocation
70%: email, upgrades, maintenance, operations
30%: transformational investments, new capabilities
Provide visibility into IT
“…And that in quick view what we have in our IT today”
Programs & projects; HW & SW assets; Contracts; Vendors; Partners; Costs.
Accountability is ultimately more important today than cost cutting.
IT Governance – Office of the CIO
(Diagram: the Office of the CIO sits between Business and IT as orchestrator and navigator. Areas covered: Programs & projects; HW & SW assets; Contracts; Vendors; Partners; Costs; Chargeback; Service catalog; Business models; Financial stability; Vendor evaluation & mngt; Demand mngt; Agility; Project mngt; EA; Asset mgt; Agreement mgt; Benchmarks; SOW; SLA mngt; Skill mngt; Resource mngt; ITIL; Risk mngt; Accountability; Future roadmaps.)
Highest business value possible
(Diagram labels: Internal IT, External provider / XaaS, LoB, BRM, Internal impact, External impact)
BRM activities:
• Demand identification, shaping, aggregation & prioritization
• Expectation mngt
• Business value
• Business changes adaptation
• Services & products supply in terms of quality and capacity
• Resources coordination
• IT services & products catalog
• Agility
Explore technology trends and new potential business review; align to business strategy and risk appetite.
IT Governance evolution: 3 types of CIOs
Conservative CIO (tactical; PMO):
• Demand mngt
• Portfolio mngt
• Project mngt
• Resource mngt to ensure correct services & products supply
• Project tool
• Reporting
• Project risk mngt
Modern CIO (Office of the CIO):
• Demand coordination and aggregation, PPM
• Enterprise architecture
• Resource mngt
• PPM / Governance tool
• Business & IT executives dashboards
• Technology risk mngt – compliance & reliable reporting
Early adopter CIO (strategic; BRM):
• Facilitate business and IT convergence
• Removing boundaries – embeds IT capabilities with LoBs to increase agility and business value
• Innovation
• Enterprise architecture
• PPM
• Holistic IT Governance tool
• Proactive technology risk mngt
Technology Risk Management
The dark side of innovation & new business models
• Emerging technologies bring completely new and often unknown challenges and risks:
  - Digital information is growing exponentially
  - Access to enterprise info is often done from customers' and employees' private smart devices
  - Boundaries between customer and organization are blurred
• The same is true of new business models:
  - Managing privacy, regulatory compliance and legal aspects in public cloud technology
  - The on-demand or sharing economy leads us to a necessity to manage our own online reputation
• Growing risk of security breach or data loss
Start with your own personal data
Ministry of Defense's personal security online educational campaign: 'Think Before You... Share'
Sharing (on-demand) economy
We share our living spaces, our knowledge, our cars, our parking spaces.
How do I know an Airbnb guest won’t ransack my apartment?
Is it guaranteed that a Getaround user will return my car?
Reputation economy - portable measure of trust
Who are you, Galit Fein?
Who is responsible for personal risk management?
Why Manage Risks?
Corporate catastrophes are all too common
BP will plead guilty to manslaughter charges stemming from the 2010 Deepwater Horizon explosion and oil spill in the Gulf of Mexico, and agreed to pay $4.5 billion in government penalties, Attorney General Eric Holder announced Thursday.
Risk equals new opportunity
What is Risk?
• Risk is intentional interaction with uncertainty
• Enterprise risk is the effect of uncertainty on objectives and organization goals
• Risk mngt - in today’s uncertain times we have to prepare responses for unwanted events in advance
• Accepting risk is OK; ignoring risk is tragic
Managing technology risk is now a business priority
• With the increasing importance of technology and business reliance on technology, focus is shifting to technology risk
• It’s not about project risks; those will continue to run in the PMO
• It’s not limited to security
• For the first time business executives ask IT: “What may be the impact on the organization from all IT-related risks?”
Source: Riskjournal
Technology risks
Project related:
• Entering (or not entering) new technology
• Difficulties related to new technology adaptation
• Big project failure
• Is the project technically feasible?
• Could the technology be obsolete before a useful product is produced?
• Late project delivery
Non project related:
• Obsolete or inflexible IT architecture
• Cloud based solutions
• Unstable systems
• Not achieving enough value from IT
• Compliance
• Misalignment
• IT service delivery problems
• Employee related fraud
Tsunami of Regulations
• Data Privacy Laws
• Freedom of Information Act
• HIPAA
• Payment Card Industry Data Security Standard
• Homeland Security
• Sarbanes-Oxley
• Basel II
• Industry specific regulations (HACCP)
• Federal Rules of Civil Procedure
Legal costs, fines and damages could be reduced by 25% if organizations applied best practice procedures to records management, security and e-Discovery.
Source: Monica Crocker, Land O’Lakes at #AIIM13
Technology Risks Compliance
• Technology Risks Compliance = legal requirements + industry standards + organizational policies and guidelines, and more...
• Finding and retrieving information on demand
• Controlling access and confidentiality
• Monitoring and reporting for enforcement
• Comprehensive auditing
• Secure retention and destruction
Compliance is key: deceptive marketing, debt traps, dead ends, discrimination, retailer data breaches, emerging technologies protections.
There’s a huge price for non-compliance!
Technology Risk Mngt evolution: 3 types of CIOs
(Diagram axes: from Burden to Value; from Crisis mngt to Risk mngt)
Conservative CIO: risks being managed as part of IT projects or security
• Risks being managed in silos per specific project, tech, etc.
• GRC seen as unnecessary and burdensome reactions to regulations and risk events
Modern CIO: IT risk mngt has its own risk department
• Policy & methodology
• Random risk assessment
• Regulatory Compliance
Early adopter CIO: strategic & proactive technology risk mngt
• Holistic & continuous approach
• Substantial need
• Proper processes & activities of the IT supporting & promoting business goals
And Remember:
AND WHEN IT WENT WRONG, DO YOU KNOW THE RISK?
Why is an effective cyber security platform a vital component of risk management?
(Diagram: IT Strategy spanning Engage & Innovate, Govern & Protect and Deliver & Maintain)
Cyber Insurance
Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.
A cybersecurity insurance market could help reduce the number of successful cyber attacks by:
(1) promoting the adoption of preventative measures in return for more coverage; and
(2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.
30.
Cyber insurance solutions
31.
IT GRC General Control Areas
Source: Menny Barzilay
32.
Be prepared for the worst
Source: http://id.lockheedmartin.com/blog/risky-business-the-role-of-risk-management-in-cyber-security
Cyber security executives can leverage the risk management toolset to communicate clearly to their executive teams and, more importantly, secure funding for important security programs.
33.
Which “Security” type are you? Your winning hand is…

Conservative CIO (systems of records)
Systems to support clients’ functional needs efficiently.
Customers IDM; API security
Common technologies: NAC, SIEM, DLP, FW+IPS, SSL+OTP, IDM, application security testing

Modern CIO (systems of engagement)
Systems that spur intimacy with customers and turn them into advocates.
Adaptive access control; security as a service; cyber risk management; security behavior analysis; cyber SOC; cyber intelligence

Early adopter CIO (systems of immersion)
Systems that bond with customers and immerse them into the company’s story.
Big data cyber analytics; IoT and wearables; cyber insurance; cloud security; SDN security; open source security
34.
A Changing Battle-Space: Prevention Is Not Enough
Source: http://www.battery.com/powered/general/2014/09/11/why-breach-detection-is-your-new-must-have-cyber-security-tool/
35.
Security risks in house
• Sensitive data leak (SCADA)
• System admins
• BYOD
36.
Steps to govern security inside threats
• SIEM
• Access management (IDM)
• Forensic tools
• DLP
• Malware scanning & sandbox
• WAF
• Endpoint security
• Mobile security
• Next-generation SOC
37.
Cyber threats outside
• S.O.S
• Zero-day malware & APT
38.
Steps to govern cyber external threats
• FW+IPS
• Access management (IDM)
• Cyber intelligence
• Malware scanning & sandbox
• API security
• Network security virtualization
• Cloud application security
39.
Cyber Risks
Any organization that:
(1) uses technology in its operations, and/or
(2) handles, collects or stores confidential information
has cyber risks:
• Legal liability to others for computer security breaches
• Legal liability to others for privacy breaches of confidential information
• Regulatory actions, fines and scrutiny
• Loss or damage to data / information
• Loss of revenue due to a computer attack
• Extra expense to recover from / respond to a computer attack
• Loss or damage to reputation
• Cyber-extortion
• Cyber-terrorism
40.
2015 cybersecurity predictions
41.
Cloud Security
42.
The notorious nine cloud computing threats, as described by the Cloud Security Alliance
• Data breaches
• Data loss
• Account hijacking
• Insecure APIs
• Denial of service
• Malicious insiders
• Abuse of cloud services
• Insufficient due diligence
• Shared technology issues
Source: https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
Moshe Ferber, Cloud Security Alliance Israel
43.
Cloud attack vectors
• Provider administration
• Management console
• Multi-tenancy & virtualization
• Automation & API
• Supply chain
• Side-channel attack
• Insecure instances
Source: Moshe Ferber, Cloud Security Alliance Israel
44.
Israel cloud adoption - by sector
• Private cloud: army, banks, government, utilities
• Cloud curious (checking the technology): government, finance, telecom operators, health
• Cloud adopters (running 2-5 applications in the cloud): telecom vendors, industry, services, utilities
• Cloud focus (most applications in the cloud): high-tech, startups, SMB
Source: Moshe Ferber, Cloud Security Alliance Israel
45.
Regulations, ordinances and laws in Israel
• Laws: the privacy laws currently address cloud as a form of outsourcing.
• State-level efforts: the INCB (Israel National Cyber Bureau) is working on cyber guidelines for SMBs and the private sector.
• Sector-level efforts: finance - the Bank of Israel has published draft guidelines for cloud adoption.
Source: Moshe Ferber, Cloud Security Alliance Israel
46.
Tools & technologies to secure cloud services:
• SaaS: encryption gateways; governance and compliance; identity gateway
• PaaS: database monitoring and encryption; dynamic and static analysis tools
• IaaS: governance & compliance; encryption; multi-cloud management
Source: Moshe Ferber, Cloud Security Alliance Israel
47.
Security is NOT an obstacle
• Identify information assets
• Conduct periodic risk assessments to identify the specific vulnerabilities your company faces
• Develop and implement a security program to manage and control the risks identified
• Monitor and test the program to ensure that it is effective
• Continually review and adjust the program in light of ongoing changes
• Oversee third-party service provider arrangements
• Maintain training for all staff on information security
48.
Which “Security” type are you? Your winning hand is… (recap of slide 33)
49.
Technology Risk Management evolution: 3 types of CIOs (recap of slide 26)
50.
Sigal Russin
Sigalr@stki.info
Galit Fein
Galit@stki.info